WCCPv2 and WCCP Enhancements
Release 12.0(11)S
June 20, 2000
This feature module describes the Web Cache Communication Protocol (WCCP) Enhancements feature and includes information on the benefits of the new feature, supported platforms, configuration tasks and a command reference.
This document includes the following sections:
• Supported Standards, MIBs, and RFCs
• Monitoring and Maintaining WCCP Version 2
Feature Overview
WCCP enhancements add support for WCCP Version 2 for Cisco IOS Release 12.0(11)S. With the WCCP feature, you can use Cisco Cache Engines or third-party cache engines to handle web traffic, reducing transmission costs and download time. This traffic includes user requests to view pages and graphics on World Wide Web servers, whether internal or external to your network, and the replies to those requests. When a user requests a page from a web server (located in the Internet), the router sends the request to a cache engine. If the cache engine has a copy of the requested page in storage, the cache engine sends the user that page. Otherwise, the cache engine retrieves the requested page and the objects on that page from the web server, stores a copy of the page and its objects, and forwards the page and objects to the user.
WCCP transparently redirects a variety of traffic types, specified by protocol (TCP or UDP) and port. Cisco Cache Engine supports only redirection of HTTP (TCP port 80) traffic requests from the intended server to a cache engine. End users do not know that the page came from the cache engine rather than from the originally requested web server.
WCCP Version 2 for Cisco IOS 12.0 S now contains the following new features:
Distributed CEF Support
WCCP Version 2 currently supports Cisco Express Forwarding (CEF), Fast, and Process forwarding paths. CEF is advanced Layer 3 IP switching technology. CEF optimizes network performance and scalability for networks with large and dynamic traffic patterns, such as the Internet, on networks characterized by intensive Web-based applications, or interactive sessions. Distributed CEF (dCEF) is one of two modes of CEF operation that enables line cards to perform the express forwarding between port adapters.
The addition of support for distributed CEF (dCEF) improves performance and scalability by reducing processor load on the router. With dCEF, packet classification and redirection take place on the line cards.
Input Feature
WCCP Version 2 was previously an output feature only, with packets classified by WCCP after a routing table lookup. CEF output features impose an overhead on packets arriving at all interfaces. You can now mark an interface for input redirection via the CLI. Also, you can now configure WCCP as an input feature to CEF, dCEF, Fast, and Process forwarding paths. When configured as an input feature, WCCP classifies packets before the routing table lookup, reducing overhead time.
Policy Redirection
WCCP Version 2 can now classify packets by Border Gateway Protocol (BGP) attributes associated with the source or destination IP address of a packet. You can set a WCCP tag on one or more routes based on the route BGP attributes. WCCP tags are set using a route map. You can configure a WCCP service with a source or destination tag.
After you set a WCCP tag on a route or routes, you can configure a WCCP service with the same tag. WCCP then only redirects packets coming from or going to the tagged routes.
When WCCP classifies a packet, it matches the packet against a service description. If the packet matches the service description, WCCP performs tag matching. If the tag is a source tag, the FIB entry matching the source address of the packet is retrieved and the WCCP tag is examined. If the WCCP tag is a destination tag, the FIB entry matching the packet destination IP address is retrieved. When the FIB tag does not match the WCCP service tag, the packet is not matched against the service.
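The classification order described above, written out as an added example (not Cisco code). The `Service` and `Packet` types, the function names, and the FIB contents are hypothetical and constructed for illustration; the FIB is modelled as a longest-prefix-match table, which is why an untagged more-specific route overrides a tagged covering prefix.

```python
import ipaddress
from collections import namedtuple

# Hypothetical types for illustration; not part of any Cisco API.
Service = namedtuple("Service", "name protocol dst_port policy tag")
Packet = namedtuple("Packet", "protocol src dst dst_port")

# Constructed FIB: prefix -> WCCP tag set on the route by a route map (0 = untagged).
FIB = {
    ipaddress.ip_network("0.0.0.0/0"): 0,
    ipaddress.ip_network("198.51.100.0/24"): 50,
    ipaddress.ip_network("198.51.100.128/25"): 0,  # more specific and untagged
    ipaddress.ip_network("203.0.113.0/24"): 50,
}


def fib_tag(fib, address):
    """Longest-prefix match: return the WCCP tag of the most specific route."""
    addr = ipaddress.ip_address(address)
    matches = [net for net in fib if addr in net]
    if not matches:
        return None
    return fib[max(matches, key=lambda net: net.prefixlen)]


def classify(service, packet, fib):
    """Return True when the packet is matched against the service."""
    # Step 1: the packet must match the service description.
    if (packet.protocol, packet.dst_port) != (service.protocol, service.dst_port):
        return False
    # Step 2: a service without a policy performs no tag matching.
    if service.policy is None:
        return True
    # Step 3: a source tag looks up the source address,
    # a destination tag looks up the destination address.
    key = packet.src if service.policy == "source" else packet.dst
    return fib_tag(fib, key) == service.tag


if __name__ == "__main__":
    web_cache = Service("web-cache", "tcp", 80, "source", 50)
    for src in ("198.51.100.10", "198.51.100.200", "192.0.2.77"):
        pkt = Packet("tcp", src, "203.0.113.5", 80)
        print(src, "redirect" if classify(web_cache, pkt, FIB) else "forward normally")
```
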
Benefits
WCCP Version 2 provides the following benefits:
• Scalability—dCEF offers full switching capacity at each line card.
• Improved Control—finer-grained control of the types of traffic that can be redirected.
• Improved performance—dCEF is less CPU-intensive than fast or optimum switching route caching. More CPU processing power can be dedicated to Layer 3 services such as quality of service (QoS) and encryption.
• Resilience—dCEF offers an unprecedented level of switching consistency and stability in large dynamic networks. In dynamic networks, fast switching cache entries are frequently invalidated due to routing changes. These changes can cause traffic to be process switched using the routing table, rather than fast switched using the route cache. Because the FIB lookup table contains all known routes that exist in the routing table, it eliminates route cache maintenance and the fast switch/process switch forwarding scenario. dCEF can switch traffic more efficiently than typical demand caching schemes.
• Improved Configuration—simpler and easier configurations can be done when WCCP is classified as an input feature.
Restrictions
• Policy Redirection is supported at dCEF, CEF, and Process only.
Related Features and Technologies
• Cisco Cache Engine
• Web Cache Communication Protocol Version 2
• Web Cache Control Protocol Version 1
Related Documents
• Web Cache Control Protocol Feature Module
• Web Cache Communication Protocol v2 Feature Module
• Cisco IOS Configuration Fundamentals Command Reference
• Cisco Cache Engine, Version 2.0
Supported Platforms
• Cisco 7200 series
• Cisco 7500 series
Determining Platform Support Through Cisco Feature Navigator
Use Cisco Feature Navigator to find information about platform support and Cisco IOS, Catalyst OS, and Cisco IOS XE software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
Availability of Cisco IOS Software Images
Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.
Supported Standards, MIBs, and RFCs
Standards
No new or modified standards are supported by this feature.
MIBs
No new or modified MIBs are supported by this feature.
For descriptions of supported MIBs and how to use MIBs, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
RFCs
No new or modified RFCs are supported by this feature.
Prerequisites
Before you use WCCP Version 2, you must complete the following tasks:
• Properly install and configure cache engines connected to one or more routers.
• Configure IP on the interface connected to the Internet and the interface connected to the cache engine.
Configuration Tasks
See the following sections for configuration tasks for the WCCP v2 Enhancements feature. Each task in the list indicates if the task is optional or required.
You can configure a router to run the Web cache and reverse proxy services associated with WCCP Version 2. Each service may be configured simultaneously. Perform the following tasks to configure a cluster with multiple routers.
• Configuring a Service Group Using WCCP Version 2 (optional)
• Running a Web Cache Service (required)
• Running a Reverse Proxy Service (optional)
• Registering a Router to a Multicast Address (required)
• Informing a Router of Valid IP Addresses (required)
• Setting a Password for a Router and Cache Engines (optional)
• Disabling Caching for Certain Clients (optional)
Configuring a Service Group Using WCCP Version 2
Running a Web Cache Service
Running a Reverse Proxy Service
Registering a Router to a Multicast Address
Informing a Router of Valid IP Addresses
Setting a Password for a Router and Cache Engines
Step 1
Command: Router(config)# ip wccp web-cache password password
Purpose: Sets a password for the cache engine the router is trying to access.
Disabling Caching for Certain Clients
Verifying WCCP Configuration Settings
Step 1
To view the configuration, enter the show running-config command. A sample configuration follows:

Router# show running-config
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname router4
!
enable secret 5 $1$nSVy$faliJsVQXVPW.KuCxZNTh1
enable password alabama1
!
ip subnet-zero
ip wccp web-cache
ip wccp 99
ip domain-name cisco.com
ip name-server 10.1.1.1
ip name-server 10.1.1.2
ip name-server 10.1.1.3
!
!
!
interface Ethernet0
 ip address 10.3.1.2 255.255.255.0
 no ip directed-broadcast
 ip wccp web-cache redirect out
 ip wccp 99 redirect out
 no ip route-cache
 no ip mroute-cache
!
interface Ethernet1
 ip address 10.4.1.1 255.255.255.0
 no ip directed-broadcast
 ip wccp 99 redirect out
 no ip route-cache
 no ip mroute-cache
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface Serial1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 shutdown
!
ip default-gateway 10.3.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.3.1.1
no ip http server
!
!
!
line con 0
 transport input none
line aux 0
 transport input all
line vty 0 4
 password alaska1
 login
!
end

Step 2
To view values associated with WCCP variables, enter the show ip wccp command. The following output is displayed:

Router# show ip wccp
Global WCCP information:
    Router information:
        Router Identifier: 16.4.2.1
        Protocol Version: 2.0
    Service Identifier: web-cache
        Number of Cache Engines: 0
        Number of routers: 0
        Total Packets Redirected: 0
        Total Packets Fast Redirected: 0
        Total Packets CEF Redirected: 0
        Total Packets DCEF Redirected: 0
        Redirect access-list: -none-
        Packets Denied Redirect (ACL): 0
        Packets Denied Redirect (Policy): 0
        Total Packets Unassigned: 0
        Group access-list: -none-
        Total Messages Denied to Group: 0
        Total Authentication failures: 0
        Policy Tag: 0
        Policy Type: none

Monitoring and Maintaining WCCP Version 2
Configuration Examples
This section provides the following configuration examples:
• Performing a General WCCP Version 2 Configuration
• Running a Reverse Proxy Service
• Registering a Router to a Multicast Address
• Informing a Router of Valid IP Addresses
• Setting a Password for a Router and Cache Engines
• Disabling Caching for Certain Clients
Selecting WCCP Version 2
The following example shows the process of changing the WCCP version from the default of WCCP Version 1 to WCCP Version 2:

show ip wccp
% WCCP version 2 is not enabled
configure terminal
ip wccp version 2
end
show ip wccp
% WCCP version 1 is not enabled

Performing a General WCCP Version 2 Configuration
The following example shows a general WCCP Version 2 configuration session. WCCP only accepts a 1 to 7 character password.

ip wccp web-cache group-address 224.1.1.100 password alabama
interface ethernet0
ip wccp web-cache redirect out

Running a Web Cache Service
The following example shows a web cache service configuration session:

configure terminal
ip wccp web-cache
interface ethernet 0
ip wccp web-cache redirect out

Running a Reverse Proxy Service
The following example shows a reverse proxy service configuration session:

configure terminal
ip wccp 99
interface ethernet 0
ip wccp 99 redirect out

Registering a Router to a Multicast Address
The following example shows how to register a router to a multicast address of 224.1.1.100:

configure terminal
ip wccp web-cache group-address 224.1.1.100
interface ethernet 0
ip wccp web-cache group-listen

Informing a Router of Valid IP Addresses
To achieve better security, you can use a standard access list to tell the router which IP addresses are valid for a cache engine attempting to register with it. The following example shows a standard access list configuration session in which the access list number is 10 for some sample hosts:

access-list 10 permit host 11.1.1.1
access-list 10 permit host 11.1.1.2
access-list 10 permit host 11.1.1.3
ip wccp web-cache group-list 10

Setting a Password for a Router and Cache Engines
The following example shows a WCCP Version 2 password configuration session in which the password is alabama2:

configure terminal
ip wccp web-cache password alabama2

Disabling Caching for Certain Clients
To disable caching for certain clients, servers, or client/server pairs, you can use WCCP access lists. The following example shows that any requests coming from 10.1.1.1 to 12.1.1.1 will bypass the cache, while all other requests will be serviced normally:

configure terminal
ip wccp web-cache redirect-list 120
access-list 120 deny tcp host 10.1.1.1 any
access-list 120 deny tcp any host 12.1.1.1
access-list 120 permit ip any any

Displaying WCCP Settings
The following example displays WCCP settings, using the show running-config command:

Router# show running-config
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname router4
!
enable secret 5 $1$nSVy$faliJsVQXVPW.KuCxZNTh1
enable password alabama1
!
ip subnet-zero
ip wccp web-cache
ip wccp 99
ip domain-name cisco.com
ip name-server 10.1.1.1
ip name-server 10.1.1.2
ip name-server 10.1.1.3
!
!
!
interface Ethernet0
 ip address 10.3.1.2 255.255.255.0
 no ip directed-broadcast
 ip wccp web-cache redirect out
 ip wccp 99 redirect out
 no ip route-cache
 no ip mroute-cache
!
interface Ethernet1
 ip address 10.4.1.1 255.255.255.0
 no ip directed-broadcast
 ip wccp 99 redirect out
 no ip route-cache
 no ip mroute-cache
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface Serial1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 shutdown
!
ip default-gateway 10.3.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.3.1.1
no ip http server
!
!
!
line con 0
 transport input none
line aux 0
 transport input all
line vty 0 4
 password alaska1
 login
!
end

Command Reference
This section documents new or modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.1 command reference publications.
ip wccp
To direct a router to enable or disable the support for a cache engine service group, use the ip wccp global configuration command. To remove the ability of a router to control support for a service group, use the no form of this command.
ip wccp {web-cache | service-number} [group-address groupaddress] [redirect-list access-list] [group-list access-list] [password password] [policy {source | destination} tag]
no ip wccp {web-cache | service-number} [group-address groupaddress] [redirect-list access-list] [group-list access-list] [password password] [policy {source | destination} tag]
Syntax Description
Defaults
WCCP services are not enabled on the router.
Command Modes
Global configuration
Command History
Release      Modification
12.0(3)T     This command was introduced.
12.0(11)S    The [policy {source | destination} tag] configuration option was introduced.
Usage Guidelines
This configuration command instructs a router to enable or disable the support for the service group specified by the service-name given. A service-name may be either one of the provided standard keyword definitions or a number representing a cache engine dynamically defined definition. Once the service is enabled, the router can participate in the establishment of a service group.
Currently the only provided keyword definition to be used as a service name is web-cache. This keyword is used to describe the existing WCCP Version 1 functionality.
When the ip wccp global configuration command is issued, it instructs the router to allocate space and enable support of the specified WCCP service for participation in a service group.
When the no ip wccp global configuration command is issued, it instructs the router to terminate participation in the service group, deallocate space if none of the interfaces still have the service configured, and terminate the WCCP task if no other services are configured.
Note
The ip wccp command has replaced the ip wccp enable, ip wccp redirect-list, and ip wccp group-list commands from WCCP Version 1.
The keywords following the service-name are optional and may be specified in any order, but each may be specified only once. The following sections outline the specific usage of each of the optional forms of this command:
ip wccp {web-cache | service-number} group-address groupaddress
A WCCP group address can be configured to set up a multicast address that cooperating routers and web caches can use to exchange WCCP protocol messages. If such an address is used, ip multicast routing must be enabled so that the messages using the configured group (multicast) addresses are received correctly. To enable ip multicast routing, use the ip multicast-routing command.
This option instructs the router to use the specified multicast IP address to coalesce the I See You responses for the Here I Am messages that it has received on this group-address. The response is sent to the group-address as well. The default is for no group-address to be configured, in which case all Here I Am messages are responded to with a unicast reply.
ip wccp {web-cache | service-number} redirect-list access-list
This option instructs the router to use an access list to control the traffic that is redirected to the cache engines of the service group specified by the service-name given. The access-list parameter specifies either a number from 1 to 99 to represent a standard or extended access list number, or a name to represent a named standard or extended access list. The access list itself specifies what traffic is permitted to be redirected. The default is for no redirect-list to be configured (all traffic is redirected).
WCCP requires that the following protocols and ports are not filtered by any access-lists:
• UDP (protocol type 17) port 2048. This port is used for control signaling. Blocking this type of traffic will prevent WCCP from establishing a connection between the router and cache engines.
• GRE encapsulated (protocol type 47) frames. Blocking this type of traffic will prevent the cache engines from ever seeing the packets intercepted.
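To check which flows a redirect-list actually sends to the cache engines, the following added example (not Cisco code) evaluates access list 120 from the "Disabling Caching for Certain Clients" example against constructed sample flows. It assumes the first entry's destination is `any`, handles only the protocol and address fields (no port qualifiers), and all function names are hypothetical.

```python
import ipaddress

# Constructed input: access list 120 from this page's configuration example,
# with the first entry's destination written out as "any" (assumption).
ACL_120 = """\
access-list 120 deny tcp host 10.1.1.1 any
access-list 120 deny tcp any host 12.1.1.1
access-list 120 permit ip any any
"""


def take_address(tokens):
    """Pop one address spec ('any', 'host A', 'A WILDCARD') as (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse_acl(text):
    """Parse numbered extended ACL lines into (action, protocol, src, dst) entries."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src = take_address(rest)
        dst = take_address(rest)
        entries.append((action, proto, src, dst))
    return entries


def addr_matches(addr, spec):
    """IOS wildcard semantics: bits set in the wildcard are 'don't care'."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def wccp_decision(entries, proto, src, dst):
    """Return 'redirect' if the redirect-list permits the flow, else 'bypass'."""
    if entries is None:  # no redirect-list configured: all traffic is redirected
        return "redirect"
    for action, acl_proto, src_spec, dst_spec in entries:
        if (acl_proto in ("ip", proto)
                and addr_matches(src, src_spec) and addr_matches(dst, dst_spec)):
            return "redirect" if action == "permit" else "bypass"
    return "bypass"  # implicit deny at the end of an IOS access list


if __name__ == "__main__":
    acl = parse_acl(ACL_120)
    flows = [("10.1.1.1", "12.1.1.1"), ("10.1.1.1", "192.0.2.10"),
             ("10.2.2.2", "12.1.1.1"), ("10.2.2.2", "192.0.2.10")]
    for src, dst in flows:  # constructed sample flows
        print("%-10s -> %-11s %s" % (src, dst, wccp_decision(acl, "tcp", src, dst)))
```

With these entries, every TCP flow from 10.1.1.1 and every TCP flow to 12.1.1.1 bypasses the cache, not only the flows between the two hosts.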
ip wccp {web-cache | service-number} group-list access-list
This option instructs the router to use an access list to control the cache engines that can participate in the specified service group. The access-list parameter specifies either a number from 1 to 99 to represent a standard access list number, or a name to represent a named standard access list. The access list itself specifies which cache engines are permitted to participate in the service group. The default is for no group-list to be configured, in which case all cache engines may participate in the service group.
Note
The ip wccp {web-cache | service-number} group-list command syntax resembles the ip wccp {web-cache | service-number} group-listen command, but these are entirely different commands. Please note that the ip wccp group-listen command is an interface configuration command, used to configure an interface to listen for multicast notifications from a cache cluster.
ip wccp {web-cache | service-number} password password
This option instructs the router to use MD5 authentication on the messages received from the service group specified by the service-name given. Use this form of the command to set the password on the router. You must also configure the same password separately on each cache engine. The password can be up to a maximum of seven characters. Messages that do not authenticate when authentication is enabled on the router are discarded. The default is for no authentication password to be configured and authentication to be disabled.
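Because both group-list and password default to off, a service enabled with a bare `ip wccp` line accepts registrations from any cache engine without authentication. The following added example (not Cisco code) audits running-config text for those defaults; the sample configuration is constructed in the style of the one on this page, and the function names are hypothetical.

```python
import re

# Constructed sample in the style of the running-config shown on this page.
SAMPLE_CONFIG = """\
ip wccp web-cache
ip wccp 99 group-list 10 password alabama
ip wccp 98 group-list 20 password alabama
access-list 10 permit host 11.1.1.1
!
interface Ethernet0
 ip wccp web-cache redirect out
 ip wccp 99 redirect out
!
interface Ethernet1
 ip wccp 97 redirect in
!
"""

VALUE_OPTIONS = {"group-address", "redirect-list", "group-list", "password"}
REDIRECT_RE = re.compile(r"^ip wccp (web-cache|\d+) redirect (in|out)$")
GLOBAL_RE = re.compile(r"^ip wccp (web-cache|\d+)(?:\s+(.*))?$")
ACL_RE = re.compile(r"^(?:access-list (\S+)|ip access-list \S+ (\S+))")


def parse_options(rest):
    """Turn the optional 'keyword value' pairs after the service name into a dict."""
    tokens, opts, i = rest.split(), {}, 0
    while i < len(tokens):
        if tokens[i] in VALUE_OPTIONS and i + 1 < len(tokens):
            opts[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            i += 1  # skip keywords this audit does not use (e.g. policy)
    return opts


def parse_config(config):
    """Collect global WCCP services, per-interface redirects and defined ACLs."""
    services, redirects, acls, interface = {}, [], set(), None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            interface = line.split(None, 1)[1]
        elif line == "!":
            interface = None
        elif REDIRECT_RE.match(line):
            service, direction = REDIRECT_RE.match(line).groups()
            redirects.append((interface, service, direction))
        elif interface is None and GLOBAL_RE.match(line):
            service, rest = GLOBAL_RE.match(line).groups()
            services.setdefault(service, {}).update(parse_options(rest or ""))
        elif ACL_RE.match(line):
            acls.add(next(g for g in ACL_RE.match(line).groups() if g))
    return services, redirects, acls


def audit(config):
    """Return sorted (service, finding) pairs for weak WCCP registration controls."""
    services, redirects, acls = parse_config(config)
    findings = set()
    for service, opts in services.items():
        if "password" not in opts:
            findings.add((service, "no password: MD5 authentication disabled"))
        if "group-list" not in opts:
            findings.add((service, "no group-list: any cache engine may join"))
        elif opts["group-list"] not in acls:
            findings.add((service, "group-list %s is not defined" % opts["group-list"]))
    for interface, service, direction in redirects:
        if service not in services:
            findings.add((service, "redirect %s on %s but service not enabled"
                          % (direction, interface)))
    return sorted(findings)


if __name__ == "__main__":
    for service, finding in audit(SAMPLE_CONFIG):
        print("%-10s %s" % (service, finding))
```
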
ip wccp {web-cache | service-number} policy {source | destination} tag
This option enables WCCP to classify packets by some attribute of their source or destination IP addresses. You can configure a WCCP tag to be set on a route using a route map. The source keyword configures WCCP to retrieve the FIB entry matching a packet source IP address. The destination keyword configures WCCP to retrieve the FIB entry matching a packet destination IP address.
Examples
The following example shows a router configured to run WCCP reverse proxy service, using the multicast address of 224.1.1.1. Redirection applies to packets outgoing via interface Ethernet 0:

Router(config)# ip wccp 99 group-address 224.1.1.1
Router(config)# interface ethernet 0
Router(config-if)# ip wccp 99 redirect out

The following example configures a router to redirect web-related packets received via interface Ethernet 0/1, destined to any host but 192.168.196.51:

Router(config)# access-list 100 deny ip any host 192.168.196.51
Router(config)# access-list 100 permit ip any any
Router(config)# ip wccp web-cache redirect-list 100
Router(config)# interface Ethernet 0/1
Router(config-if)# ip wccp web-cache redirect in

Related Commands
Command: set ip wccp tag tag
Description: Configures a tag against which to a packet source or destination address.
Command: show ip wccp
Description: Displays global statistics related to the WCCP feature.
ip wccp redirect
To enable packet redirection on an outbound or inbound interface using WCCP, use the ip wccp redirect {out | in} interface configuration command. To disable the ability of a router to verify that appropriate packets are being redirected, use the no form of this command.
ip wccp {web-cache | service-number} redirect {out | in}
no ip wccp {web-cache | service-number} redirect {out | in}
Syntax Description
Defaults
Redirection checking on the interface is disabled.
Command Modes
Interface configuration
Command History
Examples
The following example shows that reverse proxy packets on Ethernet interface 0 are being checked for redirection and redirected to a Cisco Cache Engine, beginning in global configuration mode:

Router# configure terminal
Router(config)# ip wccp web-cache
Router(config)# interface ethernet 0/1
Router(config-if)# ip wccp web-cache redirect out

Related Commands
set ip wccp
To tag a route with a WCCP tag, use the set ip wccp tag tag route-map configuration command.
set ip wccp tag tag
Syntax Description
Defaults
Routes are not configured with a WCCP tag.
Command Modes
Route-map configuration
Command History
Examples
The following example tags a route with the WCCP 50 tag:

ip cef distributed
!
ip wccp version 2
ip wccp web-cache password <pass> policy source 50
! enable WCCP standard web-cache
! service, apply policy "source" -
! match on WCCP route-tag 50
!
interface <xyz>
 ip wccp web-cache redirect in
!
ip bgp-community new-format
ip community-list 3 permit 4433:1050
ip community-list 3 permit 4433:1055
!
ip as-path access-list 121 permit ^65521$
ip as-path access-list 121 permit ^65522
!
route-map neighbor-xyz-in permit 10
 match as-path 121
 set ip wccp 50
!
route-map neighbor-xyz-in permit 15
 match community 3
 set ip wccp 50

Related Commands
Command: ip wccp {web-cache | service-number} policy {source | destination} tag
Description: Enables WCCP to classify packets by some attribute of their source or destination IP addresses.
Glossary
cache engine—A device that stores objects being downloaded from the Web for future use by the host.
Cisco Express Forwarding (CEF)—A scalable, distributed, Layer 3 switching solution designed to meet performance requirements of the Internet and enterprise networks. CEF can also refer to central CEF mode, one of the two modes of CEF operation that enables a route processor to perform express forwarding.
distributed CEF (dCEF)—One of two modes of CEF operation that enables line cards to perform the express forwarding between port adapters.
FIB—Forwarding information base
line card—A general term for an interface processor that can be used in a line of Cisco products. For example, a VIP is a line card for the Cisco 7500 series router.
service group—A subset of cache engines within a cluster of routers and routers that are connected to the cluster that are running the same service.
WCCP—Web Cache Communication Protocol—a protocol for communication between routers and Web caches. Two versions currently exist: WCCP Version 1 and WCCP Version 2. The two versions are incompatible. Cisco IOS images may support either of the two versions or both.